## DESCRIPTION ##
## mount /dev/sdX1 /mnt/boot## sd as home and persist (4 and 60GB) (encrypted) (in btrfs subvols)
## root as nix and (encrypted) and boot (150M)
## tmpfs as root
## TUTORIAL ##
# New method
```
nix run .#nixosConfigurations.HOST.config.disko-create
nix run .#nixosConfigurations.HOST.config.disko-mount
```
# Create and Format 64M EFI Partition
mkfs.fat -F 32 /dev/$EFIPARTITION
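# Create and Encrypt 200M /boot Partition
# (LUKS1 only here, presumably so the boot loader can unlock /boot; e.g. GRUB's LUKS2 support is limited. Confirm against the host's boot loader config.)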
cryptsetup --verify-passphrase -v luksFormat --type luks1 /dev/$BOOTPARTITION
cryptsetup open /dev/$BOOTPARTITION encrypted_boot
mkfs.fat -F 32 /dev/mapper/encrypted_boot
# Create and Encrypt /nix Partition
cryptsetup --verify-passphrase -v luksFormat /dev/$NIXPARTITION
cryptsetup open /dev/$NIXPARTITION encrypted_nix
mkfs.btrfs /dev/mapper/encrypted_nix
# Create the nix subvolume on the /nix Partition
mount -t btrfs /dev/mapper/encrypted_nix /mnt
btrfs subvolume create /mnt/nix
umount /mnt
# Create and Encrypt /home and /persist Partitions
cryptsetup --verify-passphrase -v luksFormat /dev/$HOME_AND_PERSIST_PARTITION
cryptsetup open /dev/$HOME_AND_PERSIST_PARTITION encrypted_home_and_persist
mkfs.btrfs /dev/mapper/encrypted_home_and_persist
# Create the home and persist subvolumes on the /home and /persist Partition
mount -t btrfs /dev/mapper/encrypted_home_and_persist /mnt
btrfs subvolume create /mnt/home
btrfs subvolume create /mnt/persist
umount /mnt
# Mount tmpfs in /
mount -t tmpfs none /mnt
mkdir -p /mnt/{boot,nix,persist,home}
# Mount all partitions in /
mount /dev/mapper/encrypted_boot /mnt/boot
mount /dev/$EFIPARTITION /mnt/boot/efi
mount -o subvol=nix,compress-force=zstd,noatime /dev/mapper/encrypted_nix /mnt/nix
mount -o subvol=home,compress-force=zstd /dev/mapper/encrypted_home_and_persist /mnt/home
mount -o subvol=persist,compress-force=zstd,noatime /dev/mapper/encrypted_home_and_persist /mnt/persist
# Install nixos
nixos-install --flake .#HOST